Mumbai/New Delhi: Tucked in a corner on the sixth floor of a commercial building in a grubby neighbourhood of Mumbai’s Jogeshwari is a two-room dingy office. Four people sit inside, busily scrolling through data on their computers under a flickering tubelight.
One needs to struggle to open the door to the office as there is no handle on the outside. The four people inside are too busy to allow for much interruption.
Asked about their work, one of them replies: “We do background checks.” Reluctant to divulge more details, he shuts the door. “I cannot share more,” he adds.
This is the office of iSec Services Private Limited — the company at the centre of an alleged phone-tapping scandal involving a former Mumbai top cop and the leadership of the National Stock Exchange (NSE) — India’s largest stock exchange and the world’s largest derivatives exchange.
While this is the address listed on the iSec website for its Mumbai office, the records of the Registrar Of Companies (ROC) mention that the company is located in Vasant Kunj, New Delhi.
The latter address is a retired Army major general’s residence, which has been rented out. When ThePrint visited the address this month, the current occupant claimed that it was used by iSec years ago, and that he had been staying in the house for the past six years.
According to the iSec website, the company was incorporated in 2001. It mentions Santosh Pandey as the founder and one of the directors. Santosh is the mother of Sanjay Pandey, former Mumbai Police commissioner, who himself is a former director of the company.
The website also says that iSec provides “security audit services”, “vulnerability assessment”, “compliance audits”, “network services” and more.
The Enforcement Directorate (ED) has, however, alleged that iSec and Sanjay Pandey illegally intercepted MTNL lines at the NSE between 2009 and 2017, and recorded the calls of more than 100 employees and brokers, on the directions of the NSE leadership.
The employees whose conversations were intercepted were allegedly working in the market watch, market surveillance and risk management departments, and had access to critical databases like trading numbers.
The alleged scam was revealed when the ED was investigating another matter — the NSE co-location case, where it has been alleged that the servers of the bourse were manipulated for “wrongful gains”.
The CBI arrested Chitra Ramkrishna, who served as NSE chief executive and managing director between 2013 and 2016, in the case in March this year. According to the ED, Ramkrishna shared crucial and confidential information about the NSE with an individual she called a “Himalayan yogi”.
The information on the alleged tapping of phones by iSec was flagged to the CBI by the ED, following which a case was registered against iSec Services, Sanjay Pandey, his mother Santosh Pandey, his son Armaan Pandey, and former senior NSE officials, including Ramkrishna, Ravi Narain (former MD), Ravi Varanasi (former executive vice-president) and then Mahesh Haldipur (former head of premises).
“A case has been registered in this regard and we are investigating the matter,” a CBI officer said, refusing to divulge more details.
The ED then registered a separate case under sections of the Prevention of Money Laundering Act, on the basis of the CBI’s FIR and arrested Pandey on 19 July. The ED has alleged that iSec Services, which Pandey floated, intercepted calls inside the NSE without the required approvals, calling it a violation under the Indian Telegraph Act.
They claim this was done under the guise of purported study into cyber vulnerabilities at the NSE for which iSec was paid Rs 4.5 crore.
Although no action has been taken against the other people named in the FIR, they are likely to be summoned for questioning, ED sources said.
Reached for comment, Pandey’s lawyer Tanveer Ahmed Mir told ThePrint that iSec was just “analysing the transcripts of conversations” that were handed over to them by the NSE, and not monitoring the calls live.
He also said that iSec had earlier provided similar services — of analysing calls and flagging suspicious activities — to many government institutions, including SEBI and national banks. He claimed that the interception is not illegal as it was done for “monitoring purposes”.
The alleged tapping, he claimed, had been happening since the late 1990s.
Meanwhile, in a separate case registered on 19 May, the CBI also accused iSec of violating SEBI norms by “fraudulently auditing” two NSE “high-risk” stockbrokers who were involved in algorithmic trading using the co-location facility. This FIR, too, was registered on a reference from the ED.
According to the CBI, iSec Services conducted an audit of SMC Global Securities Ltd and Shaastra Securities Trading Private Limited without being eligible for the same. Since they were not eligible, the investigation agency says, they paid money to two external firms and used their name instead.
ThePrint has copies of all the CBI FIRs registered against Pandey and iSec.
Who is Sanjay Pandey?
Sanjay Pandey, who retired as Mumbai Police Commissioner in June this year, and was a director of iSec Services until 2006, resigned from the IPS twice in his career, but was reinstated each time, according to his lawyer Tanveer Ahmed Mir.
Mir argued in Pandey’s bail petition — filed at Delhi’s Rouse Avenue court — that he was not drawing a salary from the Maharashtra government when he was part of iSec.
ThePrint has a copy of the petition.
Mir said Pandey is an IIT Kanpur graduate in Computer Science Engineering, who also holds a Master’s degree in Public Administration from Harvard University. Pandey, he added, joined the IPS in 1986 and was appointed Mumbai Police commissioner on 28 February 2022, after having served in several departments including vigilance and crime.
According to his lawyer, Pandey first resigned from the IPS in 2000 and joined as the head of global cybersecurity at Tata Consultancy Services (TCS). However, the Maharashtra government refused to accept his resignation and he was compelled to withdraw the same by January 2002, Mir said.
Even so, Mir added, the state government accepted his resignation in May 2002 and accordingly refused to give him a post. This led to the initiation of service-related litigation before the Central Administrative Tribunal (CAT) in 2003, he said.
From 2001 to 2006, Pandey’s employment as an IPS officer was in a state of “limbo” and it was during this time that he started iSec Services, Mir added.
“He was not receiving any salary from the government, nor was he given any posting. It was during this time, in 2001, that Pandey along with another colleague from IIT Kanpur incorporated iSec,” he claimed.
In May 2006, the Delhi High Court, in relation to the service matter, said Pandey should be reinstated and he was posted as joint commissioner vigilance in the Maharashtra Food and Drug Administration. Following this, he resigned from iSec on 17 May 2006, he said.
“Since he resigned from iSec, no service rules were flouted. Pandey also transferred his shareholding to one of his family members,” Mir added.
On 26 March 2007, Pandey is said to have again applied for voluntary retirement, a request he “withdrew on 24 September 2008″. Another round of litigation commenced and he was reinstated in 2011 and given the rank of deputy inspector general of police, Mumbai, in December that year.
“Between February 2007 and December 2011, Pandey’s employment was in a state of limbo. Compulsory wait during this period entailed no salary, no housing, no allowance or work of any kind,” Mir said.
“It was during this period that Pandey again became involved in the working of iSec in a supervisory capacity playing a very peripheral role. He (Pandey) was neither a shareholder or director in iSec (at this point),” he added.
4 primary lines, 120 connections — the ‘tapping’ of NSE phones
It was sometime in 2009 that iSec allegedly submitted a proposal to the NSE to conduct a “periodic study of cyber vulnerabilities” within the organisation, according to ED sources.
The proposal, ED sources said, was processed by Mahesh Haldipur, then assistant vice-president at the NSE, and Chitra Ramkrishna, and approved by Ravi Narain, who was the MD at the time.
A work order was issued in March 2009, addressed to Sanjay Pandey, to carry out the study of cyber vulnerabilities at NSE between January 2009 and February 2017, sources in the ED added.
According to sources, in the initial meetings, Sanjay Pandey — his IPS tenure then said to have been in “limbo” — visited the NSE to represent iSec in pitches.
A payment of Rs 4.5 crore for this project was made by NSE to iSec between 2009 and 2017, the sources said.
“The NSE was provided with four primary rate interface (PRI) lines, each having a capacity of 30 telephone connections, by MTNL, which originated from MTNL and terminated at EPABX of NSE,” a source said.
EPABX is like a mini telephone exchange within an organisation that allows faster communication between employees internally, as well as external calls.
The ED investigation, according to sources, has found that iSec intercepted and monitored calls on these 4 PRI lines and submitted copies of conversation transcripts to the top management of NSE between 1 January 2009 and 13 February 2017.
“What is illegal here is that the telephonic monitoring was done without taking permission of the competent authority (the home secretary of the state), which is mandatory under Section 5 of the Indian Telegraph Act, 1885, as well as without the knowledge or consent of the employees,” an ED source said.
“Moreover, possession of wireless telegraphy apparatus without licence, which was set up by NSE in connivance with iSec, too, is an offence,” the source said.
The “illegal machine” that was used to intercept calls between 2012 and 2017 was sold as e-waste scrap by NSE in 2019, the source alleged.
According to the ED source, the erstwhile Union Ministry of Communications and IT (department of telecommunications) issued a public notice dated 31 December 2010, mentioning that “establishing, maintaining working unauthorised telegraph intrusion into signal room, unlawfully attempting to learn contents of the message and intentionally tampering with telegraphs are offences”.
The list of telephone numbers that had to be monitored, ED sources said, were given by Chitra Ramkrishna to Ravi Narain, who then gave it to Mahesh Haldipur and they would give it to iSec.
“It is critical because the top management was privy to information on market watch real-time data,” the source added.
The ED has also alleged that, in 2012, Naman Chaturvedi, an information and security analyst at iSec, provided confidential reports — titled ‘monitoring report for call logs’ — to Ravi Varanasi, former executive vice-president at NSE. These reports did not contain any data pertaining to cyber vulnerabilities at NSE, but were analyses of conversations between employees, sources told ThePrint.
The ED suspects that this data, too, could have been misused for some “undue gains”, like in the co-location scam, and the angle is being investigated. However, until now, the said case only revolves around the alleged illegal tapping of phones.
An investigation has revealed that the set-up for monitoring these calls was made on the 7th floor of the NSE Plaza in Mumbai.
Until 2012, sources said, iSec used a set-up provided to the NSE by a company called Comtel to monitor the calls. The NSE subsequently purchased a call monitoring set-up from a company called NEXSUS Techno Solutions Private Limited through iSec, ED sources said.
When ThePrint visited the Comtel office in Mumbai’s Andheri (East) this month, the employees said they had never dealt with the NSE directly and provided hardware (computer systems) to brokers working at the bourse.
“We are only involved in providing hardware infrastructure to brokers. The brokers come to us and ask for computers and we supply them. We do not provide any software services. Moreover, neither iSec nor NSE has ever had any business with us. We only deal with brokers,” Comtel CEO Sanjay Kumar said.
He added: “A phone-tapping system can be set up on a computer, but for that a software is required. We do not deal in software.”
ThePrint also visited an address listed on the NEXSUS website as its office in Andheri (East), but didn’t find the premises there.
Contacted for comment, NEXSUS spokesperson Kavita Walawalkar refused to answer any questions. When asked why the address of the office given on their website is incorrect, she said, “I cannot comment on anything right now.”
The ED has not yet summoned anyone from either Comtel or NEXSUS for the probe. When asked, a source said they will be questioned in due course.
Sharing ID-password, in-time of staff — What all did iSec flag
According to the bail application filed by Pandey’s lawyer, iSec was primarily involved with cybersecurity consulting, which includes audits, policy design and evaluation of cybersecurity systems and processes.
The proposal given by iSec for the “cyber-vulnerability study”, Mir said, stated that the NSE was to provide a hard drive containing the pre-recorded call data of its employees on a weekly basis, and iSec was required to listen to those, analyse suspicious activities and submit a report.
Mir clarified that iSec was not tapping phones and listening to real-time conversations. The mandate was for iSec to determine whether there were any system or process vulnerabilities, he said.
iSec, Mir added, would provide various details, including “compromised passwords and cybersecurity breaches and violation of access control measures”.
According to transcripts available with the ED, in one of the calls that was flagged as suspicious, an employee of the NSE was found to have shared his ID and password.
This call, according to details mentioned in Pandey’s bail application, was made by a woman, an NSE employee, to a colleague who told her that Shashank, also an employee, was not present and that she should log in through his ID.
This was flagged as a serious breach of “security protocols”.
The report said that “security of passwords for critical servers is very weak and the policy of disclosure of passwords is not being followed. Production servers have simple passwords and are being communicated openly on telephone”.
In another call, mentioned in Pandey’s bail application, an employee was found to have told a colleague to put the “in-time for someone”. In this regard, the report submitted to NSE by iSec noted that “access control measures seem to be violated”.
Another call flagged was where a person is said to have called an employee from the NSE risk department, and requested him to keep his computer in “sharing as he wanted certain risk-related data stored therein”. This, the report said, was done “secretly” as the employee told the other employee, “tum kisi ko bolna mat (don’t tell anyone)”, and the other person responded by saying, “muh band rakhne ki kimat lagti hai (there is a price to be paid for silence)” — according to Pandey’s bail plea.
“These were the calls that were flagged as suspicious. And such reports were periodically prepared by iSec and handed over to the NSE. iSec was doing nothing but aiding the NSE in tightening its security, protocols and processes so as to avoid possible leakage and misuse of sensitive information,” Mir claimed.
While arguing for Pandey’s bail earlier this month, Mir also told the Delhi district court in Rouse Avenue that the NSE gave Pandey a record, and he flagged calls that indicated illegal activities, including IPL betting.
“NSE employees are betting in IPL and I am flagging those activities… What wrong did I commit?” Pandey had reportedly asked in court.
ED sources, meanwhile, told ThePrint that apart from these “minor calls” being flagged as suspicious, iSec was privy to a lot more that could have been misused.
“These are not just calls related to password changes or ‘in-time’. But also related to critical market data which, if leaked, can be misused to make a lot of money. The specifics of it are being looked into,” a source said.
‘Not illegal, iSec provided such services to SEBI, national banks’
Countering the ED’s allegations, lawyer Mir said the installation of such systems — “which is done only to monitor internal calls made by or to employees from a premises — is not illegal and is beyond the purview of the licensing regime contemplated in the Telegraph Act and/or the Indian Wireless Telegraphy Act”.
“The mere act of the NSE monitoring the calls made from its own landline connections is not an offence under the telegraph Act, the wireless telegraphy Act and/or the Information Technology Act, let alone the PC (prevention of corruption) Act,” he claimed.
He also argued that the information being monitored was not “personal information”, but only professional information relating to data protection and cybersecurity.
“This is not recording of lines outside their organisation, but within the organisation to weed out illegalities. People who are calling those lines are brokers and the calls were being recorded to flag any suspicious activities which may land the stock exchange in financial trouble,” Mir claimed.
Around 2005, he said, iSec was also engaged as a consultant by the Securities and Exchange Board of India (SEBI) for evaluating systems and processes of depositories i.e. National Services Depository Limited (NSDL) and Central Depository Services Ltd (CSDL).
“Such systems and solutions are being widely used by various private as well as government entities,” Mir said.
ThePrint reached the SEBI spokesperson on email for a comment on Mir’s claim, but had received no response until the time of publishing this report. This report will be updated when a response is received.
“The website of NEXSUS itself reveals that it has provided similar systems to various entities including the West Bengal State Electricity Distribution Company Ltd, HDFC Services, Health India TPA Services Pvt Ltd, India Infoline Group, Bajaj Capital Group,” Mir claimed.
However, ThePrint checked the NEXSUS website but found no mention of its clients there.
Mir said that, even with the NSE, this service was sought from iSec to ensure that there is no leak of sensitive information, which could potentially lead to insider or unfair trading, allowing people to make illegal profits.
“There is a vital and critical need for cyber, data and information security at the NSE. The NSE is the leading stock exchange of India and the world’s largest derivatives exchange. The information available with the NSE and its employees is very critical, sensitive, and has a great potential for misuse. And this is what was being looked into,” Mir said.
Pandey’s bail application also said that iSec was given to understand that NSE had been “monitoring the calls made from the landlines installed on its premises since 1997”.
“NSE already had a system in place for collection of data with respect to the calls of its employees and Comtel used to provide the hardware for the same,” Mir claimed.
Mir also questioned why the ED was probing the case, saying there was no money laundering involved.
He said iSec received Rs 4.54 crore for its services to NSE between 2009 and 2017, which was done through cheques and was accounted for. Out of this, a rental of Rs 75 lakh was paid to Pandey by iSec for using the premises where the company had an office.
“All money has come through cheques, tax is paid and it is all accounted for. There is no money that has not been declared, there are no hawala transactions, no round-tripping, no shell companies, no money trail, then what is the ED really probing?” he asked. “Pandey has accepted that iSec was paid this much amount for its services. What is there to probe?”
He also said that the ED cannot be doing a “surrogate investigation for CBI”.
“To investigate violation of prevention of corruption Act and the telegraph Act is the domain of the CBI and not the ED. The ED is to only probe the money aspect. Then why is the CBI silent? The ED has jumped into the shoes of the predicate agency and wants to prove the crime. It is not their domain and so this arrest is arbitrary,” he said.
The ED said that the CBI is investigating its case. A source in the CBI, however, only said, “We will be seeking Pandey’s custody for questioning. The case is under investigation.”
Meanwhile, Sanjay Pandey is still in judicial custody. The Delhi High Court last week sought a response from the ED on his bail plea, after he challenged the trial court order that had rejected his bail application.
(Edited by Poulomi Banerjee)